cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1174
Views
15
Helpful
5
Replies
Highlighted
Beginner

Mobility Express 8.5.151 and phones

Hello, all. 

I have 7 AP 1832 with mobility express. Two APs are controlles (primary/backup) and all other are CAPWAP.

  Unusual behavior detected on iPhones with my WPA2-PSK ssid: client iPhone entering right PSK key, trying to connect => Fail: incorrect password. Client goes to other place and trying to connect => Ok. debug client mac says:

Failed AP:

*Dot1x_NW_MsgTask_0: Sep 04 12:19:25.979: 40:00:00:00:aa:bb Successfully computed PTK from PMK!!!
*Dot1x_NW_MsgTask_0: Sep 04 12:19:25.979: 40:00:00:00:aa:bb Received EAPOL-key M2 with invalid MIC from mobile 40:00:00:00:aa:bb version 3
*osapiBsnTimer: Sep 04 12:19:27.121: 40:00:00:00:aa:bb 802.1x 'timeoutEvt' Timer expired for station 40:00:00:00:aa:bb and for message = M2
*Dot1x_NW_MsgTask_0: Sep 04 12:19:27.121: 40:00:00:00:aa:bb Retransmit 1 of EAPOL-Key M1 (length 121) for mobile 40:00:00:00:aa:bb
*Dot1x_NW_MsgTask_0: Sep 04 12:19:27.121: 40:00:00:00:aa:bb Sending 802.11 EAPOL message to mobile 40:00:00:00:aa:bb WLAN 2, AP WLAN 2

 

 

Good AP:

*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb Successfully computed PTK from PMK!!!
*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb Received valid MIC in EAPOL Key Message M2!!!!!

*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb Compare RSN IE in association and EAPOL-M2 frame(rsnie_len :20, and grpMgmtCipherLen:0)
*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb rsnieCapabilty = c rsnie_len =20
*Dot1x_NW_MsgTask_0: Sep 04 12:20:51.021: 40:00:00:00:aa:bb Dumping RSNIE received in Association request(len = 22):

 

Looks like client enter wrong PSK, but as I said: same key works on other AP. Android devices works fine without problems. 802.1x works fine on all devices. Problem only with WPA2-PSK ssid. Please help me to tune it. (8.5.140 had the same problem)

 

Everyone's tags (3)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
VIP Mentor

Re: Mobility Express 8.5.151 and phones

are you enabled 802.11r.

 

Please try to disable 802.11r on the SSID and test again.

 

Regards

Dont forget to rate helpful posts

View solution in original post

Highlighted
Hall of Fame Community Legend

Re: Mobility Express 8.5.151 and phones

5 REPLIES 5
Highlighted
VIP Mentor

Re: Mobility Express 8.5.151 and phones

are you enabled 802.11r.

 

Please try to disable 802.11r on the SSID and test again.

 

Regards

Dont forget to rate helpful posts

View solution in original post

Highlighted
Beginner

Re: Mobility Express 8.5.151 and phones

Thanks guys! After disabling 802.11r all works fine!

Highlighted

Re: Mobility Express 8.5.151 and phones

Why disable 802.11r when using an iPhone?

Please explain why.

Highlighted
Hall of Fame Master

Re: Mobility Express 8.5.151 and phones

Sometimes “features” don’t work as expected. The variables that can have a negative affect when using any features are code on the controller, ap type, device type and the nic and firmware. Now, it might not be an issue to you and in your environment, but when folks start to complain, it’s one of the first things you do after you find out there has been an upgrade network wise of device, disable features.
-Scott
*** Please rate helpful posts ***
Highlighted
Hall of Fame Community Legend

Re: Mobility Express 8.5.151 and phones

CreatePlease to create content
Content for Community-Ad

Cisco COVID-19 Survey